Alerts This Week
Warning Icon 1 654
Alerts This Week
Warning Icon 1 654

Mageia 2025-0092: firefox & nss Security Advisory Updates

mageia
Calendar Grey March 12, 2025
Dist Mageia Esm H88
Mageia updates fix critical firefox and nss vulnerabilities to safeguard against potential exploits and improve browser security.
CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free ...

Summary

CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8

References

- https://bugs.mageia.org/show_bug.cgi?id=34064

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_109.html

- https://www.firefox.com/en-US/firefox/128.8.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/

- https://www.cve.org/CVERecord?id=CVE-2024-43097

- https://www.cve.org/CVERecord?id=CVE-2025-1931

- https://www.cve.org/CVERecord?id=CVE-2025-1932

- https://www.cve.org/CVERecord?id=CVE-2025-1933

- https://www.cve.org/CVERecord?id=CVE-2025-1934

- https://www.cve.org/CVERecord?id=CVE-2025-1935

- https://www.cve.org/CVERecord?id=CVE-2025-1936

- https://www.cve.org/CVERecord?id=CVE-2025-1937

- https://www.cve.org/CVERecord?id=CVE-2025-1938

Topics%20covered

Topics Covered

security advisory buffer overflow firefox memory safety use-after-free nss Mageia

Resolution

SRPMS

- 9/core/firefox-128.8.0-1.mga9

- 9/core/firefox-l10n-128.8.0-1.mga9

- 9/core/nss-3.109.0-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 12 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0092.html
Type: security
CVE: CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1938

Topics%20covered

Topics Covered

security advisory buffer overflow firefox memory safety use-after-free nss Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here